TY - GEN
T1 - VMBLS
T2 - IFIP WG 8.4/8.9 International Cross Domain Conference and Workshop on Availability, Reliability and Security for Business, Enterprise and Health Information Systems, ARES 2011
AU - Sato, Masaya
AU - Yamauchi, Toshihiro
PY - 2011
Y1 - 2011
N2 - Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counter terrorism are based on data. The reliability of the data depends on that of the data collector. Because the reliability of the data collector is ensured by logs, the protection of it is an important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.
AB - Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counter terrorism are based on data. The reliability of the data depends on that of the data collector. Because the reliability of the data collector is ensured by logs, the protection of it is an important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.
KW - Log
KW - digital forensics
KW - security
KW - virtual machine monitor
KW - virtualization
UR - http://www.scopus.com/inward/record.url?scp=80052329753&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052329753&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-23300-5_14
DO - 10.1007/978-3-642-23300-5_14
M3 - Conference contribution
AN - SCOPUS:80052329753
SN - 9783642232992
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 176
EP - 190
BT - Availability, Reliability and Security for Business, Enterprise and Health Information Systems - IFIP WG 8.4/8.9 International Cross Domain Conference and Workshop, ARES 2011, Proceedings
Y2 - 22 August 2011 through 26 August 2011
ER -